MDVSA-2011:108

Problembeschreibung

A vulnerability was discovered and corrected in xerces-j2:

Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE)
in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update
20, and in other products, allows remote attackers to cause a denial
of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2625).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490